Commits
Peter Korsgaard committed cc9282ae8c3
libvorbis: add upstream security fixes Fixes the following security issues: CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). Signed-off-by: Peter Korsgaard <peter@korsgaard.com>